Wireless Access

Reply
New Contributor
Posts: 2
Registered: ‎11-14-2016

How do I change the Virtual Controller IP?

We are in the process of moving from vlan 1 172.16.0.0/16 to vlan 119 10.3.92.0/24. I am able to get an ip from the dhcp server on vlan 119, and was even able to change the Virtual Controller IP with some success. Though my clients get an auto IP when they associate even though the dhcp server is on vlan 119. The ports that I have these APs on are all trunked with vlan 119 set to default in the new config. The old config has the ports in vlan 1 as default. Any help or direction would be appreciated.

 

Here is the config from the primary AP.

 

dayiap2# sh run
version 6.4.2.0-4.1.3
virtual-controller-country US
virtual-controller-key

3
name wapvc
virtual-controller-ip 172.16.254.9
terminal-access
telnet-server
ntp-server 172.16.200.14
clock timezone Eastern-Time -05 00
clock summer-time EDT recurring second sunday march 02:00 first sunday november 02:00
rf-band 5.0

allow-new-aps
allowed-ap 18:64:72:ca:5b:8c
allowed-ap 94:b4:0f:c0:7b:72
allowed-ap 94:b4:0f:c0:7e:84
allowed-ap 94:b4:0f:c0:7f:66
allowed-ap 94:b4:0f:c0:7e:80
allowed-ap 94:b4:0f:c0:7f:0a


snmp-server community 920331767de1f29a44e8a9a1f94dc67a

arm
wide-bands 5ghz
80mhz-support
min-tx-power 127
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning


syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless

 

 


mgmt-user misadmin 

 

wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit

wlan access-rule wired-instant
index 1
rule masterip 0.0.0.0 match tcp 80 80 permit
rule masterip 0.0.0.0 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit

wlan access-rule US-DAY-Wifi
index 2
rule any any match any any any permit

wlan access-rule US-DAY-GST
index 3
rule any any match any any any permit

wlan ssid-profile US-DAY-Wifi
enable
index 0
type employee
essid US-DAY-Wifi
wpa-passphrase a2e28052834c759c9e8f862ddf70f7dc284a835bddaad3b6
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 119
auth-server YAVIN
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

wlan ssid-profile US-DAY-GST
enable
index 1
type employee
essid US-DAY-GST
wpa-passphrase deleted
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 122
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

auth-survivability cache-time-out 24

 

dpi

wlan auth-server YAVIN
ip 172.16.200.14
port 1645
acctport 1656
key deleted

wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https


blacklist-time 3600
auth-failure-blacklist-time 3600

ids
wireless-containment none


wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
no shutdown
access-rule-name default_wired_port_profile
speed 1000
duplex full
no poe
type employee
auth-server InternalServer
captive-portal disable
no dot1x
inactivity-timeout 1000

wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
inactivity-timeout 1000


enet0-port-profile default_wired_port_profile
enet1-port-profile default_wired_port_profile

uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180


airgroup
disable

airgroupservice airplay
disable
description AirPlay

airgroupservice airprint
disable
description AirPrint

 

 

MVP
Posts: 308
Registered: ‎04-03-2014

Re: How do I change the Virtual Controller IP?

Hi!

 

Your default port profile says VLAN 1 is untagged and rest is tagged:

wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1

 

So when placing clients in VLAN 119 the port will tag it and send it to the switchport. But I guess that your switchport have VLAN 119 as untagged since you say that you get an IP-address on it for the access point. Please try to change the SSID to put the clients on VLAN 1 (untagged) if you want them to get IP address from the same VLAN as the access points do.

 

With that said, you might want to take a look att separating the management subnet from the acctual client subnet by placing them on another VLAN that is tagged on the switchport and doesn´t contain APs.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
New Contributor
Posts: 2
Registered: ‎11-14-2016

Re: How do I change the Virtual Controller IP?

 

This is one switch port config that an AP is connected to before the necessary changes. 

 

interface GigabitEthernet1/0/1

description WIFI AP DAYIAP3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,2,11,14,21,75,119,122

switchport mode trunk

spanning-tree portfast disable

 

I added vlan119 as native after the changes.

switchport trunk native vlan 119

 

so I should ttry changing the ssid vlan only?

 

 

 

MVP
Posts: 308
Registered: ‎04-03-2014

Re: How do I change the Virtual Controller IP?

Yes, since 119 is untagged on the switchside you´ll need to put the clients on the untagged VLAN of the IAP which seems to be VLAN 1.

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: